1. Field of the Invention
The present invention relates to an application-layer security method, system, and computer readable medium for protecting trusted computer applications from executing illegal or harmful operations requested from an unknown or distrusted network. Particularly, the invention relates to application-layer security for preventing resources from being accessed by intruders directly through public networks, e.g., the Internet.
2. Description of Background
The ease, accessibility, and convenience of the Internet has rapidly changed the way people use computers and access information. The World Wide Web (“WWW”), often referred to as ‘The Web,’ is the most popular means for retrieving information on the Internet. The Web gives users access to an almost infinite number of resources such as interlinked hypertext documents accessed by a hypertext transfer protocol (“HTTP”) from servers located around on the world. The Web operates in a basic client-server format, wherein servers are dedicated computers or individual computer programs that store and transmit resources, e.g., documents and binary objects, to other computers on the network when instructed to do so. Clients are programs that request these resources from a server instructed by a user. A browser is a software program that allows users to view the retrieved documents.
Documents on the Web, referred to as Web pages, are written in a hypertext markup language (“HTML”), or a similar language, and identified by uniform resource locators (“URLs”) that specify a particular machine and pathname by which a file can be accessed. Codes, often referred to as tags, embedded in an HTML document associate particular words and images in the document with URLs so that a user can access another file or page by the press of a key or the click of a mouse. These files can comprise text, images, videos, and audio as well as applets or other small embedded software programs, written in for example, Java or ActiveX, that execute when the user activates them by clicking on a hyperlink. A user visiting a Web page also may be able to use components that supply information to a server through the use of forms, download files from a file transfer protocol (“FTP”) site, participate in chat areas, conduct business transactions, and send messages to other users via e-mail by using links on the Web page.
Unfortunately, the components that legitimate users desire and that make a web site spectacular, can also make a server, and the network attached, vulnerable to attack from the malicious, irresponsible, or criminally minded individual. This is referred to as “web hacking” and generally involves taking advantage of mistakes in Web design. Particularly, the easier it is for users to talk directly to the server through a web page, the easier it is for someone to hack into the system. Typical attacks include, but not limited to, defacing a page by deleting graphics and replacing them with doctored, sometimes lurid, graphics; altering or stealing password files; deleting files; tampering with credit and debit card numbers, and other customer information; publicizing private business information; reviewing confidential information; and searching through internal databases. Thus, web hacking causes inconvenience and perhaps irreversible damage to users, businesses, and operators of the system.
Web hacking is different from traditional system or application hacking because an attack takes place over application-layer protocols, e.g., HTTP via transmission control protocol (“TCP”) port 80. Unfortunately, conventional computer security methods fail to address or completely ignore Web hacking. For a complete understanding of the inadequacy of conventional methods, one must understand communications protocol. Particularly, the International Organization for Standardization (“ISO”) developed a set of rules or standards designed to enable computers to connect with one another and to exchange information with as little error as possible. The protocol generally accepted for standardizing overall computer communications is a seven-layer set of hardware and software guidelines known as the open systems interconnection (“OSI”) model. This protocol forms a valuable reference model and defines much of the language used in data communications.
FIG. 1 depicts an OSI architecture and the layers occupied by three widely employed conventional security methods. These conventional security methods are implemented between either the data link layer and physical layer, e.g., firewall, or the session and transport layers, e.g., secure socket layer (“SSL”) and public key infrastructure (“PKI”).
A firewall is a type of security intended to protect an organization's network against external threats coming from another network, such as the Internet. A firewall prevents computers in the organization's network from communicating directly with computers external to the network and vice versa. Instead, all communication is routed through a proxy server outside of the organization's network, and the proxy server decides whether it is safe to let a particular message type or file type pass through, based on a set of filters, to the organization's network.
A secure socket layer is an open standard developed by Netscape Communications® for establishing a secure and encrypted communications channel to prevent the interception of critical information, such as credit card information. The primary purpose of secure sockets layer is to enable secure and encrypted electronic transactions on public networks, such as the Web.
A public key infrastructure or trust hierarchy is a system of digital certificates, certificate authorities, and other registration authorities that verify and authenticate the validity of each party involved in an Internet transaction. PKIs are currently evolving and there is no single PKI nor even a single agreed-upon standard for setting up a PKI.
A drawback of the above-mentioned conventional technologies is that they only secure the perimeter of networks and they perform no application-content or application's business logic checking of operation requests at the application layer. Therefore, these conventional technologies can not prevent attacks that arise from the content of an operation request.
In web applications, web hackers can easily attack computer systems by exploiting flaws and vulnerabilities in web design. For example, default scripts may allow files to be uploaded onto a Web server; a Web server's treatment of environmental variables may be exploited; and the existence of ‘backdoors’ or flaws in third party products allow unauthorized access. These techniques can be potent attacks and are difficult to defend against. More disturbingly, each month new software vulnerabilities are discovered, but many system operators leave these holes unpatched and their systems open to preventable attacks.
Major corporations and government agencies utilizing well configured firewalls, PKI, and SSL implementations have been infiltrated by hackers using known application level intrusions. These intrusions typically involve illegal and harmful requests that are sent to an application forcing it to execute out of its intended scope of operation. This may exploit the application to damage itself, files, buffers, other applications, performance, or confidentiality of information.
There are two techniques that attempt to address these problems. However, both involve a single solution to solve the wide variety of application layer problems. For example, one technique involves wrapping a server operating system to track for suspicious events such as deleting a file or formatting a disk. A second technique involves the installation of a network filter in front of an application and updating the filter database with known patterns that can effect the application. However, it is impossible to solve all application layer problems with only a single solution to provide full protection. For example, working only in the operating system will not have an “application process context.” Further, installing a filter with known hacking patterns to match will not protect against unknown vulnerabilities or manipulations of environmental variables or the application's implemented business process.
In addition, none of the conventional solutions address the increased hacking opportunities caused by the proliferation of electronic commerce (“e-commerce”), mobile, and interactive television (“iTV”) applications. These applications generally require the combination of numerous components working together using different technologies, e.g., Web server, transaction server, databases, Java, ActiveX, and Flash objects. Further, each component has its own unique security needs. Further, because these components and the networks they run on are changing dynamically and almost instantaneously, the problem is very complex.